{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:54:22.288","vulnerabilities":[{"cve":{"id":"CVE-2024-13088","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2025-06-06T16:15:23.323","lastModified":"2025-09-24T20:32:05.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.5.0.140 and later"},{"lang":"es","value":"Se ha reportado una vulnerabilidad de autenticaciĆ³n incorrecta que afecta a QHora. Si un atacante obtiene acceso a la red local, puede explotar la vulnerabilidad para comprometer la seguridad del sistema. Ya hemos corregido la vulnerabilidad en la siguiente versiĆ³n: QuRouter 2.5.0.140 y posteriores."}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.0.190:build_20240522:*:*:*:*:*:*","matchCriteriaId":"42432B47-A274-4AC7-9E02-0D2D257A6FC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.1.172:build_20240606:*:*:*:*:*:*","matchCriteriaId":"77451C56-4576-4CCC-B7FD-7C874F22C3CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.1.634:build_20240710:*:*:*:*:*:*","matchCriteriaId":"18080300-EC8D-4F8E-926E-25D0119870AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.2.317:build_20240903:*:*:*:*:*:*","matchCriteriaId":"8B8B0134-D750-4258-A0A1-CDBD90728B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.2.538:build_20240923:*:*:*:*:*:*","matchCriteriaId":"128C912D-D659-40A7-A0C1-185552C99CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.3.103:build_20241011:*:*:*:*:*:*","matchCriteriaId":"95B7AAFE-A97C-4A81-AA34-D7548CFF4855"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.4.106:build_20241017:*:*:*:*:*:*","matchCriteriaId":"38F814E5-382C-4765-93DD-4A17C5BC1820"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.5.032:build_20241029:*:*:*:*:*:*","matchCriteriaId":"E4700EE7-EE4A-44C6-A907-E38DC9E906B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.4.6.028:build_20250207:*:*:*:*:*:*","matchCriteriaId":"10C4DB32-20E2-4672-BCD6-25F91722561A"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-25-15","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]}]}}]}